GnuTLS TLS 1.3 session resumption works without master key, allowing MITM (gitlab.com) 18 points by Sami_Lehtinen 6y ago ↗ HN
[–] chaz6 6y ago ↗ This seems to be in the GnuTLS implementation and not the specification itself as the title led me to believe. [–] bpfrh 6y ago ↗ Agreed, would be better if the title would be changed to "MITM flaw in Gnutls implementation of TLS 1.2 & 1.3" [–] dang 6y ago ↗ Fixed now. Submitted title was "TLS 1.3 session resumption works without master key, allowing MITM"
[–] bpfrh 6y ago ↗ Agreed, would be better if the title would be changed to "MITM flaw in Gnutls implementation of TLS 1.2 & 1.3"
[–] dang 6y ago ↗ Fixed now. Submitted title was "TLS 1.3 session resumption works without master key, allowing MITM"
[–] yourad_io 6y ago ↗ Any ideas which software uses gnutls by default? I couldn't figure it out. [–] fardelian 6y ago ↗ https://en.wikipedia.org/wiki/GnuTLS#Deployment>Software packages using GnuTLS include(d): GNOME CenterIM Exim Weechat Mutt Wireshark slrn Lynx CUPS gnoMint GNU Emacs Synology DiskStation Manager OpenConnect
[–] fardelian 6y ago ↗ https://en.wikipedia.org/wiki/GnuTLS#Deployment>Software packages using GnuTLS include(d): GNOME CenterIM Exim Weechat Mutt Wireshark slrn Lynx CUPS gnoMint GNU Emacs Synology DiskStation Manager OpenConnect
5 comments
[ 3.1 ms ] story [ 25.0 ms ] thread>Software packages using GnuTLS include(d):